New Member

How do I set up a rule to allow TFTP from DMZ?

Hello! I'm trying to set up a firewall rule to allow TFTP traffic to come from my switches in my DMZ so as to do proper configuration backups. Ideally I'd like to allow ONLY these 2 IPs for TFTP traffic and nothing else. I set up the below rule for one of them but had no luck.

Any thoughts on what I may be missing?

 

access-list dmz1_access_in extended permit udp host 10.1.61.20 host 10.1.80.220 eq tftp

 

10.1.61.20 = DMZ Switch

10.1.80.220 = TFTP Server

 


Hello,

TFTP requires the high port range 1024-65535 to also be allowed... Also, in some cases it requires bi-directional flows.

So I request you to try allowing 1024-65535 first, and then try the bi-directional port allow for the same if the first method doesn't work.

 

Regards

Karthik

 

New Member


Turns out I had the correct rules in place. The issue was that I had routes missing to the DMZ subnet.
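Why the first reply brings up high ports, as an added example that is not part of the thread or any Cisco code: under RFC 1350 only the request goes to UDP 69, and the server answers from its own transfer-ID (TID) port, which the rest of the transfer then targets. This simplified model checks the posted ACL line against a write transfer; the `tftp_aware` flag is a hypothetical stand-in for a firewall that tracks TFTP transfers, and the TID values are constructed.

```python
from dataclasses import dataclass

TFTP_PORT = 69
SWITCH, SERVER = "10.1.61.20", "10.1.80.220"  # addresses from the post

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    """One 'permit udp host SRC host DST' line with a destination port range."""
    src: str
    dst: str
    lo: int
    hi: int

    def matches(self, p):
        return (p.src, p.dst) == (self.src, self.dst) and self.lo <= p.dport <= self.hi

def tftp_write(client, server, client_tid, server_tid, blocks=2):
    """Packets of an RFC 1350 write request (a switch uploading its config)."""
    pkts = [("WRQ", Packet(client, client_tid, server, TFTP_PORT)),
            ("ACK0", Packet(server, server_tid, client, client_tid))]
    for n in range(1, blocks + 1):
        pkts.append((f"DATA{n}", Packet(client, client_tid, server, server_tid)))
        pkts.append((f"ACK{n}", Packet(server, server_tid, client, client_tid)))
    return pkts

def dropped(acl, exchange, client, tftp_aware):
    """Names of client-side packets the inbound ACL would drop, in order."""
    pinholes, drops = set(), []
    for name, p in exchange:
        if p.src != client:
            continue  # assumption: server replies are permitted by the other interface's policy
        flow = (p.src, p.sport, p.dst)
        permitted = any(r.matches(p) for r in acl)
        if permitted and p.dport == TFTP_PORT:
            pinholes.add(flow)  # a permitted request opens the flow for its data channel
        if not permitted and not (tftp_aware and flow in pinholes):
            drops.append(name)
    return drops

PAGE_RULE = Rule(SWITCH, SERVER, TFTP_PORT, TFTP_PORT)  # the ACL line from the post
HIGH_PORTS = Rule(SWITCH, SERVER, 1024, 65535)          # the range suggested in the reply
EXCHANGE = tftp_write(SWITCH, SERVER, client_tid=50123, server_tid=40321)  # constructed TIDs
```

With TFTP tracking the single port-69 rule passes the whole transfer, which is consistent with the poster's rule being correct once routing was fixed; without tracking, the data packets to the server's TID port need the wider range.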